ApriL 11, 2007The Honorable George W. Bush, President of the United States, The White House, Washington, D.C.
Dear Mr. President:
By establishing the President's Task Force on Identity Theft by Executive
Order 13402 on May 10, 2006, you launched a new era in the fight against
identity theft. As you recognized, identity theft exacts a heavy financial and
emotional toll from its victims, and it severely burdens our economy. You
called for a coordinated approach among government agencies to vigorously
combat this crime. Your charge to us was to craft a strategic plan aiming
to make the federal government's efforts more effective and efficient in the
areas of identity theft awareness, prevention, detection, and prosecution. To
meet that charge, we examined the tools law enforcement can use to prevent,
investigate, and prosecute identity theft crimes; to recover the proceeds of
these crimes; and to ensure just and effective punishment of identity thieves.
We also surveyed current education efforts by government agencies and
the private sector on how individuals and corporate citizens can protect
personal data. And because government must help reduce, rather than
exacerbate, incidents of identity theft, we worked with many federal agencies
to determine how the government can increase safeguards to better secure the
personal data that it and private businesses hold. Like you, we spoke to many
citizens whose lives have been uprooted by identity theft, and heard their
suggestions on ways to help consumers guard against this crime and lessen the
burdens of their recovery. We conducted meetings, spoke with stakeholders,
and invited public comment on key issues.
The views you expressed in the Executive Order are widely shared. There
is a consensus that identity theft's damage is widespread, that it targets all
demographic groups, that it harms both consumers and businesses, and that
its effects can range far beyond financial harm. We were pleased to learn that
many federal departments and agencies, private businesses, and universities
are trying to create a culture of security, although some have been faster than
others to construct systems to protect personal information.
There is no quick solution to this problem. But, we believe that a coordinated
strategic plan can go a long way toward stemming the injuries caused by
identity theft and, we hope, putting identity thieves out of business. Taken as
a whole, the recommendations that comprise this strategic plan are designed
to strengthen the efforts of federal, state, and local law enforcement officers;
to educate consumers and businesses on deterring, detecting, and defending
against identity theft; to assist law enforcement officers in apprehending and
prosecuting identity thieves; and to increase the safeguards employed by
federal agencies and the private sector with respect to the personal data with
which they are entrusted.
Thank you for the privilege of serving on this Task Force. Our work is
ongoing, but we now have the honor, under the provisions of your Executive
Order, of transmitting the report and recommendations of the President's
Task Force on Identity Theft.
Very truly yours,
Alberto R. Gonzales, ChairmanAttorney General
U.S. Department of Justice logo
Deborah Platt Majoras, Co-ChairmanChairman, Federal Trade Commission
United States of America Federal Trade Commission logo
From Main Street to Wall Street, from the back porch to the front office, from
the kitchen table to the conference room, Americans are talking about identity
theft. The reason: millions of Americans each year suffer the financial and
emotional trauma it causes. This crime takes many forms, but it invariably
leaves victims with the task of repairing the damage to their lives. It is a problem
with no single cause and no single solution.
Eight years ago, Congress enacted the Identity Theft and Assumption
Deterrence Act,1 which created the federal crime of identity theft and
charged the Federal Trade Commission (FTC) with taking complaints from
identity theft victims, sharing these complaints with federal, state, and local
law enforcement, and providing the victims with information to help them
restore their good name. Since then, federal, state, and local agencies have
taken strong action to combat identity theft. The FTC has developed the
Identity Theft Data Clearinghouse into a vital resource for consumers and
law enforcement agencies; the Department of Justice (DOJ) has prosecuted
vigorously a wide range of identity theft schemes under the identity theft
statutes and other laws; the federal financial regulatory agencies2 have
adopted and enforced robust data security standards for entities under their
jurisdiction; Congress passed, and the Department of Homeland Security
issued draft regulations on, the REAL ID Act of 2005; and numerous other
federal agencies, such as the Social Security Administration (SSA), have
educated consumers on avoiding and recovering from identity theft. Many
private sector entities, too, have taken proactive and significant steps to protect
data from identity thieves, educate consumers about how to prevent identity
theft, assist law enforcement in apprehending identity thieves, and assist
identity theft victims who suffer losses.
Over those same eight years, however, the problem of identity theft
has become
more complex and challenging for the general public, the
government, and the private sector. Consumers, overwhelmed with weekly
media reports of data breaches, feel vulnerable and uncertain of how to
protect their identities. At the same time, both the private and public sectors
have had to grapple with difficult, and costly, decisions about investments
in safeguards and what more to do to protect the public. And, at every level
of government - from the largest cities with major police departments to the
smallest towns with one fraud detective - identity theft has placed increasingly
pressing demands on law enforcement.
Public comments helped the Task Force define the issues and challenges
posed by identity theft and develop its strategic responses. To ensure that the
Task Force heard from all stakeholders, it solicited comments from the public.
In addition to consumer advocacy groups, law enforcement, business, and
industry, the Task Force also received comments from identity theft victims
themselves.3 The victims wrote of the burdens and frustrations associated
with their recovery from this crime. Their stories reaffirmed the need for the
government to act quickly to address this problem.
The overwhelming majority of the comments received by the Task Force
strongly affirmed the need for a fully coordinated approach to fighting the
problem through prevention, awareness, enforcement, training, and victim
assistance. Consumers wrote to the Task Force exhorting the public and
private sectors to do a better job of protecting their Social Security numbers
(SSNs), and many of those who submitted comments discussed the challenges
raised by the overuse of Social Security numbers as identifiers. Others,
representing certain business sectors, pointed to the beneficial uses of SSNs
in fraud detection. The Task Force was mindful of both considerations, and
its recommendations seek to strike the appropriate balance in addressing SSN
use. Local law enforcement officers, regardless of where they work, wrote
of the challenges of multi-jurisdictional investigations, and called for greater
coordination and resources to support the investigation and prosecution of
identity thieves. Various business groups described the steps they have taken
to minimize the occurrence and impact of the crime, and many expressed
support for risk-based, national data security and breach notification
requirements.
These communications from the public went a long way toward informing
the Task Force's recommendation for a fully coordinated strategy. Only an
approach that encompasses effective prevention, public awareness and education,
victim assistance, and law enforcement measures, and fully engages
federal, state, and local authorities will be successful in protecting citizens and
private entities from the crime.
